Injection Vulnerabilities Flashcards

1
Q

What should you attempt to fuzz when looking for injection points?

A

You should attempt all inputs, as well as URL query parameters and headers.

2
Q

Why is it important to know details about the API when performing fuzzing?

A

Because knowing the operating system, programming language, frameworks and other tools in use helps you send the right fuzzing payloads to cause an unintended response.

3
Q

What are SQL metacharacters?

A

They are characters that are treated as a function by SQL.

4
Q

A form does not perform any kind of input validation in the username field. By interacting with it, you were able to get a verbose response that gave away the complete SQL query:
SELECT * FROM userdb WHERE username = 'hAPI_hacker' AND password = 'Password1!'
How could you exploit this using SQL injection?

A

Insert the following string in the username field:
hAPI_hacker' OR '1=1' -- -
This value closes the single quote for the username, makes the query result always true, and uses the single-line comment metacharacter to remove the password verification.

5
Q

What is the act of fuzzing an API?

A

It’s the process of sending various types of input to an endpoint to cause an unintended response.

6
Q

What does a fuzzing payload usually include?

A

Anything that could cause an unintended response, something that the API is not programmed to handle, like symbols, numbers, system commands, SQL queries, boolean operators, etc.

7
Q

What do you expect when fuzzing an API?

A

Any unintended response or behavior.

8
Q

Which tool is ideal for fuzzing across an entire API?

A

Postman Collection Runner

9
Q

Which tools are ideal for fuzzing deep into an individual request?

A

Wfuzz and Burp Suite Intruder
